New User Account

From: RTW-NLD (IMAC-DC@MSN.COM)
Date: 05/04/02


From: "RTW-NLD" <IMAC-DC@MSN.COM>
Date: Sat, 4 May 2002 06:02:13 -0700


We are currently exploring security options for new users
on a fresh W2K install (All NTFS, SP2 has been applied)
and notice that when we create a new user account who is a
member of the Users group only, the account is denied
access when signing on for the first time locally. The
message is ". . . cannot load user profile. . ." If we
give this user explicit security rights to the Documents
and Settings Folder we can then sign on, and since the
user profile has been created we can subsequently sign on
even if we take the explicit right away. If we only gave
the Users Group rights to this folder we would not have
been allowed to sign on.

If we had made the New User a member of the Power Users
group then we would also have been able to sign on without
doing anything special. Here again, if we were to remove
the New User from the Power Users group, it would have no
effect on subsequent sign-ons because the new profile
would have already been created.

If possible, can someone confirm that this is the intended
behavior of W2K (i.e., profiles for new users are NOT
always loadable by the OS)? By the way, giving security
rights to the local drive alone did not bypass the ". . .
cannot load user profile . . ." message. We had to either
add the user to the Power Users group or explicitly add
them in the Security Tab of the Documents and Settings
Folder. Thanks for any help/comments.



Relevant Pages

  • Re: linksys media center extender installation error
    ... Clear all events from the system, security, and application event viewer ... 1:13:28 PM: Checking only instance of installer. ... 1:13:28 PM: Verifying Privacy Policy is present. ... 1:13:51 PM: Verifying MCRD users group exists. ...
    (microsoft.public.windows.mediacenter)
  • Re: security only works on my PC
    ... Go to Tools, Security, Permissions. ... Click on the Groups option and select the Users Group. ... Just open Windows Explorer and double click the 'secure' ...
    (microsoft.public.access.security)
  • [UNIX] Multiple Vulnerabilities in Tiki CMS/Groupware
    ... Get your security news from a reliable source. ... TikiWiki also works great as a Web-based ... In addition, in any place which SQL injection is possible, not ... User Profile> Theme ...
    (Securiteam)
  • Re: Ntbackup Windows 2003 SP1 issue (VSS/Security)
    ... the Users group on the machine where the access is throwing ... Microsoft MVP (Windows Security) ... > Primary Logon ID: ... > Client Domain: VLM ...
    (microsoft.public.windows.server.security)
  • Re: Power Users, AntiSpyware & CriticalUpdates
    ... If you can wait a day or two before deploying updates, ... Wait until day after patch tuesday. ... or two before you install an critical security patch. ... > Like don't make your users admins or power users and have them use a web ...
    (Security-Basics)